{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T01:20:02Z","timestamp":1740100802623,"version":"3.37.3"},"reference-count":61,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/sp46214.2022.9833681","type":"proceedings-article","created":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T19:28:05Z","timestamp":1658950085000},"page":"215-234","source":"Crossref","is-referenced-by-count":5,"title":["A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification"],"prefix":"10.1109","author":[{"given":"Quoc Huy","family":"Do","sequence":"first","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]},{"given":"Pedram","family":"Hosseyni","sequence":"additional","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]},{"given":"Ralf","family":"K\u00fcsters","sequence":"additional","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]},{"given":"Guido","family":"Schmitz","sequence":"additional","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]},{"given":"Nils","family":"Wenzler","sequence":"additional","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]},{"given":"Tim","family":"W\u00fcrtele","sequence":"additional","affiliation":[{"name":"University of Stuttgart,Stuttgart,Germany"}]}],"member":"263","reference":[{"key":"ref13","article-title":"Payment Request API","author":"c\u00e1ceres","year":"2019","journal-title":"Tech Rep"},{"doi-asserted-by":"publisher","key":"ref57","DOI":"10.1109\/SP.2011.26"},{"key":"ref12","article-title":"Payment Method: Basic Card","author":"c\u00e1ceres","year":"2020","journal-title":"Tech Rep"},{"year":"2020","author":"wakefield","journal-title":"EasyJet admits data of nine million hacked","key":"ref56"},{"year":"0","journal-title":"Issue 1085712 Disallow duplicate payment method identifiers","key":"ref15"},{"year":"2019","author":"whittaker","journal-title":"DoorDash confirms data breach affected 4 9 million customers workers and merchants","key":"ref59"},{"year":"0","journal-title":"Issue 1028098 Disable switching payment method during retry","key":"ref14"},{"key":"ref58","article-title":"Web Cryptography API","author":"watson","year":"2017","journal-title":"Tech Rep"},{"year":"0","journal-title":"Issue 904 Clarification on payment handler selection in spec","article-title":"W3C Web Payments Issue Tracker","key":"ref53"},{"year":"0","journal-title":"Issue 903 Discuss findings of security analysis","article-title":"W3C Web Payments Issue Tracker","key":"ref52"},{"key":"ref11","article-title":"Payment Method Identifiers","author":"c\u00e1ceres","year":"2019","journal-title":"Tech Rep"},{"year":"2018","journal-title":"w3c payment-request-info FAQ","article-title":"W3C Web Payments Working Group","key":"ref55"},{"key":"ref10","first-page":"1","article-title":"Contribution to a Rigorous Analysis of Web Application Frameworks","volume":"7321","author":"b\u00f6rger","year":"2012","journal-title":"ABZ 2012"},{"year":"0","journal-title":"Issue 905 Disallow ambiguous methodData declarations?","article-title":"W3C Web Payments Issue Tracker","key":"ref54"},{"doi-asserted-by":"publisher","key":"ref17","DOI":"10.1145\/1124772.1124861"},{"doi-asserted-by":"publisher","key":"ref16","DOI":"10.1109\/CSF.2008.16"},{"doi-asserted-by":"publisher","key":"ref19","DOI":"10.5220\/0005544500650075"},{"key":"ref18","article-title":"A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification","author":"do","year":"2021","journal-title":"Cryptology ePrint Archive"},{"year":"0","journal-title":"Issue 882 Prevent double spending through retry","article-title":"W3C Web Payments Issue Tracker","key":"ref51"},{"year":"0","journal-title":"Web payments working group","key":"ref50"},{"doi-asserted-by":"publisher","key":"ref46","DOI":"10.1016\/j.elerap.2015.08.003"},{"key":"ref45","first-page":"113","article-title":"Formal Analysis of the EMV Protocol Suite","volume":"6993","author":"de ruiter","year":"2011","journal-title":"TOSCA 2011"},{"year":"2019","author":"shepard","journal-title":"Marriott Breach Unencrypted Passport Numbers Payment Cards Leaked","key":"ref48"},{"key":"ref47","article-title":"Service Workers 1","author":"russell","year":"2019","journal-title":"Tech Rep"},{"doi-asserted-by":"publisher","key":"ref42","DOI":"10.1109\/CSNT.2011.141"},{"doi-asserted-by":"publisher","key":"ref41","DOI":"10.1109\/SP.2010.33"},{"key":"ref44","article-title":"Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless","author":"roland","year":"2013","journal-title":"WOOT ’13"},{"doi-asserted-by":"publisher","key":"ref43","DOI":"10.1007\/978-3-319-56614-6_22"},{"year":"2020","journal-title":"Stripe JavaScript SDK documentation & reference","key":"ref49"},{"key":"ref8","first-page":"11","article-title":"Featherweight Firefox: formalizing the core of a web browser","author":"bohannon","year":"2010","journal-title":"WebApps’10 USENIX Association"},{"key":"ref7","article-title":"DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code","author":"bhargavan","year":"2021","journal-title":"EuroS&P 2021 To appear IEEE Computer Society"},{"doi-asserted-by":"publisher","key":"ref9","DOI":"10.1109\/SP.2014.11"},{"key":"ref4","first-page":"324","article-title":"Bitcoin as a Transaction Ledger: A Composable Treatment","volume":"10401","author":"badertscher","year":"2017","journal-title":"Crypto"},{"key":"ref3","first-page":"35","article-title":"A Security API for Distributed Social Networks","volume":"11","author":"backes","year":"2011","journal-title":"NDSS’11"},{"doi-asserted-by":"publisher","key":"ref6","DOI":"10.1109\/SP40001.2021.00037"},{"doi-asserted-by":"publisher","key":"ref5","DOI":"10.3233\/JCS-140503"},{"year":"2019","journal-title":"Payment Request API","key":"ref40"},{"doi-asserted-by":"publisher","key":"ref35","DOI":"10.1145\/2420950.2420993"},{"year":"2017","author":"kitamura","journal-title":"Integrating the Payment Request API with a payment service provider","key":"ref34"},{"key":"ref37","article-title":"Payment Method Manifest","author":"liu","year":"2017","journal-title":"Tech Rep"},{"doi-asserted-by":"publisher","key":"ref36","DOI":"10.1007\/978-3-319-11379-1_10"},{"key":"ref31","article-title":"Web Authentication: An API for accessing Public Key Credentials","author":"hodges","year":"2021","journal-title":"Tech Rep"},{"year":"2019","journal-title":"Introduction to the Payment Request API","key":"ref30"},{"year":"2020","author":"jeong","journal-title":"Cashing in on the JavaScript Payment Request API","key":"ref33"},{"key":"ref32","article-title":"Payment Handler API","author":"hope-bailie","year":"2019","journal-title":"Tech Rep"},{"year":"2020","journal-title":"Apple Pay on the Web","key":"ref2"},{"doi-asserted-by":"publisher","key":"ref1","DOI":"10.1145\/360204.360213"},{"year":"2020","journal-title":"Payment Request API (EdgeHTML)","key":"ref39"},{"doi-asserted-by":"publisher","key":"ref38","DOI":"10.1007\/978-3-540-72738-5_6"},{"doi-asserted-by":"publisher","key":"ref24","DOI":"10.1145\/2976749.2978385"},{"doi-asserted-by":"publisher","key":"ref23","DOI":"10.1145\/2810103.2813726"},{"year":"2019","author":"fingas","journal-title":"StockX confirms it was hacked","key":"ref26"},{"doi-asserted-by":"publisher","key":"ref25","DOI":"10.1109\/CSF.2017.20"},{"doi-asserted-by":"publisher","key":"ref20","DOI":"10.1109\/SP.2019.00067"},{"doi-asserted-by":"publisher","key":"ref22","DOI":"10.1007\/978-3-319-24174-6_3"},{"doi-asserted-by":"publisher","key":"ref21","DOI":"10.1109\/SP.2014.49"},{"key":"ref28","first-page":"281","article-title":"The Bitcoin Backbone Protocol: Analysis and Applications","volume":"9057","author":"garay","year":"2015","journal-title":"Eurocrypt"},{"year":"2019","journal-title":"Why a Friction-Filled Online Checkout Process Causes Shopping Cart Abandonment","key":"ref27"},{"year":"2020","journal-title":"Google Pay API PaymentRequest Tutorial","key":"ref29"},{"year":"2019","author":"winder","journal-title":"Town Of Salem Hacked Leaving More Than 7 6M With Compromised Data","key":"ref60"},{"key":"ref61","article-title":"ApplePwn - The future of cardless fraud","author":"yunusov","year":"2017","journal-title":"BlackHat USA 2017"}],"event":{"name":"2022 IEEE Symposium on Security and Privacy (SP)","start":{"date-parts":[[2022,5,22]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833550\/9833558\/09833681.pdf?arnumber=9833681","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T23:09:04Z","timestamp":1699484944000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833681\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":61,"URL":"https:\/\/doi.org\/10.1109\/sp46214.2022.9833681","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}